CVE-2024-9482

5.1 MEDIUM

📋 TL;DR

An out-of-bounds write vulnerability in AVG/Avast Antivirus for macOS allows a specially crafted Mach-O file to crash the antivirus application during file processing. This affects macOS users running AVG/Avast Antivirus with signature versions older than 24092400. The vulnerability could potentially be leveraged for denial of service or further exploitation.

💻 Affected Systems

Products:
  • AVG Antivirus for macOS
  • Avast Antivirus for macOS
Versions: Signature versions < 24092400
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the macOS versions of these antivirus products. Vulnerability is triggered during file scanning of malicious Mach-O files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Potential remote code execution if the crash can be weaponized to execute arbitrary code, though this would require additional exploitation techniques beyond the described crash.

🟠 Likely Case

Denial of service through antivirus application crash, potentially leaving the system temporarily unprotected until the service restarts.

🟢 If Mitigated

Minimal impact if the antivirus service automatically restarts and the malicious file is quarantined.

🌐 Internet-Facing: LOW - Requires local file processing, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited via malicious files delivered through email, downloads, or shared drives within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires delivering a malicious Mach-O file to the target system and having it scanned by the antivirus. No authentication required to trigger the vulnerability once the file is present.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Signature version 24092400 or later

Vendor Advisory: https://support.norton.com/sp/static/external/tools/security-advisories.html

Restart Required: No

Instructions:

1. Open AVG/Avast Antivirus on macOS.
2. Check for updates in the application settings.
3. Ensure signature database is updated to version 24092400 or later.
4. Verify update completion through the application interface.

🔧 Temporary Workarounds

Temporary scanning exclusion

macOS

Temporarily exclude Mach-O files from scanning (not recommended for production)

🧯 If You Can't Patch

  • Isolate affected systems from untrusted file sources
  • Implement application whitelisting to prevent execution of unknown Mach-O files

🔍 How to Verify

Check if Vulnerable:

Check the antivirus signature version in the AVG/Avast interface. If it is below 24092400, the system is vulnerable.

Check Version:

Check through AVG/Avast GUI: Settings > About or similar menu option

Verify Fix Applied:

Confirm signature version shows 24092400 or higher in the antivirus application.

📡 Detection & Monitoring

Log Indicators:

  • Antivirus service crash logs
  • Unexpected termination of AVG/Avast processes
  • Error messages related to Mach-O file processing

Network Indicators:

  • Unusual file transfer patterns preceding antivirus crashes

SIEM Query:

(source="avg_logs" OR source="avast_logs") AND (event_type="crash" OR message="*Mach-O*" OR message="*out of bounds*")
